header-logo
Suggest Exploit
vendor:
Ruby on Rails
by:
Unknown
7.5
CVSS
HIGH
Script-Injection
79
CWE
Product Name: Ruby on Rails
Affected Version From: 1.2.2003
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: a:rubyonrails:ruby_on_rails:1.2.3
Metasploit:
Other Scripts:
Platforms Tested:
2007

Script-Injection Vulnerability in Ruby on Rails

Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input before using it in dynamically generated content. Additionally, keeping Ruby on Rails up-to-date with the latest security patches and versions is advised.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24161/info

Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue affects Ruby on Rails 1.2.3; other versions may also be affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30089.tgz

Navigation

Suggest Exploit

Services By CQR